Things I wish to know about the eWPT exam before started

Hello Everyone,

My name’s Cristiano and I am one of the most recent students of this course to start the exam (Apr 8, 2021, 12:55:07).

In the first two days, I found the vulnerabilities and access to admin, plus I understood exist a few more inside the scope. My methodology it’s taking notes and everything relevant during the recon process including screenshots.

After the first round to find vulnerabilities, I understood that I could take a lot of time to put into the report, so I decided to write everything and organize my report because I am working 9/10 hours per day like most people. The plan was to back into the platform after writing the structure of the report and the vulnerabilities I found. This could give me a few extra times, in the end, to do another round of recon and assessment to deliver the best report I can according to my available time.

But I was extremely surprised when I read “Access to the exam lab expired on Apr 15, 2021, 12:55:07 (UTC), as indicated in the exam specifications.”. At this moment, reading this I felt that I was done and I couldn’t finish the exam because apparently I made a mistake and my plan will fail.

I have a step back. I stopped to think a bit about this and reflected before writing this message.

It was a feeling of frustration/sadness to be limited for something that in fact, I never read before. After a few days, I still don’t remember in any moment to read that I only have seven days with access to the Hera scenario. To confirm this I reopen the document explaining the exam (letter of engagement and the eWPT Exam Guide) and I couldn’t find it.

A few notes:

  • This is not a complaint, it’s more a question/suggestion about an issue that probably I created.
  • Probably this was my fault. I hope to be wrong and I would like some admin to give me some feedback saying where this is explained.
  • Suggestion: Maybe could be nice for students to have some extra information close to eWPT Exam Scenario saying “you have 7 days” or something like that. Something like a counter to everyone beware that you cannot just follow what you want in 14 days and you have some rules to follow.
  • I was checking other topics open on the forum and I didn’t found complaints about this so I believe it’s just me and if I am wrong please let me know.

My perspective about company and exam:

  • I wanna say that I lost a few hours during the access of studies (Support/Forum topic never been responded to) but nothing of this affect me. I still have hours available so I feel that we don’t need so many hours to do the exam.
  • Most students open topics complaining about issues they found or the exam it’s not vulnerable. They are all wrong.
  • Exist a lot of vulnerabilities and if you are not able to found them, this means you need to study more and check all documentation that the course gave you.
  • Stop complaining about the exam is hard because it’s not. If you go to the real world doing reports, you will see how this exam it’s easy.
  • The most difficult part I believe it’s to report everything on documentation and organize the document in a good way to be readable and everyone understand well your report.
  • The admins on the forum it’s helping a lot. Stop complain and being unfair to them.
    • They are giving a lot of great suggestions and tips about what you should do and you shouldn’t do.
    • Go to the search tool into the forum and do your “recon” here.
    • You gonna find tons of things that you need to do to pass.
  • After that, I wanna say I didn’t submit my report yet. I’ll do my best but I have a feeling that probably I’ll not pass because the platform is closed already.
    • In total, I basically did access during two full days.
    • In fact, a few time I didn’t close the connection because it wasn’t limited.
  • But I did tons of notes and I’ll deliver the best report I can.

Quick tips to students:

  • Search on the forum.
  • Read documentation you already studied before the exam.
  • define well your report structure.
  • Questions that you should respond to each vulnerability on your report:
    • what’s the risk?
    • what’s the CWE?
    • what’s the CVSS?
    • what’s the complexity involved?
    • Any parameters?
    • how do the exploitability?
    • what’s the business impact?
    • how to reproduce?
    • Any references that it’s relevant to?
    • whats your proposed solutions?
  • Don’t forget the report should have a global vision and then go into detail into each vulnerability.
  • Explain each vulnerability you found as the only one. Don’t be afraid to type words.
  • It’s better to have regrets about something you wrote than something you didn’t.
  • Last but not least, every document has a structure. The reports it’s no different.

I wanna say thank you to all admins that giving so many good suggestions and being so patient with each student and help them with so many different things still when they don’t have anything to complain about but just dropping frustration.

In nutshell, These are just quick notes that I felt could be a great contribution to students and suggestions about the counter.

This is what I would like to read before doing the exam, so maybe this will help at least one student :)


Original Post by Cristiano

I just got my certification today April 23, 2021! :slight_smile:
Good Luck everyone

Original Reply by Cristiano


How long did you think you had for the exam?

Original Reply by Fugazi

You have 14 days, it’s more than enough :)

But the first 7 days, focus on the platform and take notes about everything you can (texts, screenshots or other relevant steps).

Then you have another 7 days to write your report. I don’t think you need 7 days to do the assessment on the platform so I recommend you invest more time with the report.

Think the report it’s your MasterPiece so do your best there :ph34r:

Original Reply by Cristiano

Hey Cristiano,

Thanks so much for the feedback, really appreciated! We’ll take it into account and made more clear that there are only 7 days of lab access!


Original Reply by Andres